Alasdair Kergon

**Name of the Vulnerable Software and Affected Versions** insights-client (affected versions not specified) **Description** A security issue occurs due to insecure file operations or unsafe handling of temporary files and directories, leading to local privilege escalation. An unprivileged local user or attacker could create the /var/tmp/insights-client directory with read, write, and execute permissions before the insights-client is registered by root. After registration, an attacker could control the directory content by putting malicious scripts into it and executing arbitrary code as root, bypassing SELinux protections. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** lvm2 versions prior to 2.02.72 lvm2-udeb (affected versions not specified) **Description** The issue affects the lvm2 package in Debian GNU/Linux and the cluster logical volume manager daemon (clvmd) in lvm2-cluster. It allows a local attacker to exploit vulnerabilities, potentially leading to a denial of service or other unspecified impacts. The exploitation can be done through crafted control commands due to the lack of client credential verification upon socket connection. This may result in the disruption of confidentiality, integrity, and availability of protected information. **Recommendations** For lvm2 versions prior to 2.02.72, update to version 2.02.72 or later to resolve the issue. For lvm2-udeb, at the moment, there is no information about a newer version that contains a fix for this vulnerability.